We are going to see how to simulate an ICMP Flood with a Cisco router.

Thanks to the variety of options offered by the ping command, selecting the adecuate parameters, we can make the sequence of ICMP packets seem an ICMP Flood.

This is great, specially when we need to check that certain IDS/IPS signatures are working properly.

Let’s see the options:

router# ping ip 10.0.0.1 ?
 data      specify data pattern
 df-bit    enable do not fragment bit in IP header
 repeat    specify repeat count
 size      specify datagram size
 source    specify source address or name
 timeout   specify timeout interval
 validate  validate reply data

And the winner is:

router# ping 10.0.0.1 repeat 1000 size 64 timeout 0

I can ensure that traffic generated is seen as ICMP Flood on any kind of IDS.